mirror of https://github.com/archtechx/tenancy.git synced 2026-05-06 22:24:04 +00:00

Use parameter binding in SELECT queries

lukinovec 2026-04-29 10:21:47 +02:00
parent 808f52765c
commit ad7d229daf
8 changed files with 10 additions and 10 deletions


@ -77,6 +77,6 @@ trait ManagesPostgresUsers
public function userExists(string $username): bool public function userExists(string $username): bool
{ {
return (bool) $this->connection()->select("SELECT usename FROM pg_user WHERE usename = '{$username}'"); return (bool) $this->connection()->select("SELECT usename FROM pg_user WHERE usename = ?", [$username]);
} }
} }
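Review bot: The query in `userExists` is still a double-quoted PHP string, which is the form that allowed `{$username}` to be interpolated in the first place. Now that the value is bound, a single-quoted literal, `'SELECT usename FROM pg_user WHERE usename = ?'`, cannot interpolate, so a later edit cannot reintroduce a variable into the SQL text unnoticed. The same applies to the one-line `databaseExists` and `userExists` changes in the other manager classes in this commit.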


@ -22,6 +22,6 @@ class MicrosoftSQLDatabaseManager extends TenantDatabaseManager
public function databaseExists(string $name): bool public function databaseExists(string $name): bool
{ {
return (bool) $this->connection()->select("SELECT name FROM master.sys.databases WHERE name = '$name'"); return (bool) $this->connection()->select("SELECT name FROM master.sys.databases WHERE name = ?", [$name]);
} }
} }


@ -24,6 +24,6 @@ class MySQLDatabaseManager extends TenantDatabaseManager
public function databaseExists(string $name): bool public function databaseExists(string $name): bool
{ {
return (bool) $this->connection()->select("SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = '$name'"); return (bool) $this->connection()->select("SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = ?", [$name]);
} }
} }


@ -42,7 +42,7 @@ class PermissionControlledMicrosoftSQLServerDatabaseManager extends MicrosoftSQL
public function userExists(string $username): bool public function userExists(string $username): bool
{ {
return (bool) $this->connection()->select("SELECT sp.name as username FROM sys.server_principals sp WHERE sp.name = '{$username}'"); return (bool) $this->connection()->select("SELECT sp.name as username FROM sys.server_principals sp WHERE sp.name = ?", [$username]);
} }
public function makeConnectionConfig(array $baseConfig, string $databaseName): array public function makeConnectionConfig(array $baseConfig, string $databaseName): array


@ -53,6 +53,6 @@ class PermissionControlledMySQLDatabaseManager extends MySQLDatabaseManager impl
public function userExists(string $username): bool public function userExists(string $username): bool
{ {
return (bool) $this->connection()->select("SELECT count(*) FROM mysql.user WHERE user = '$username'")[0]->{'count(*)'}; return (bool) $this->connection()->select("SELECT count(*) FROM mysql.user WHERE user = ?", [$username])[0]->{'count(*)'};
} }
} }
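Review bot: The result is still read through `->{'count(*)'}`, which depends on the driver naming the column after the unaliased expression. Aliasing the aggregate makes that explicit: `SELECT count(*) AS user_count FROM mysql.user WHERE user = ?`, read as `[0]->user_count`. The other `userExists` implementations in this commit cast the returned row list itself to bool, so `SELECT user FROM mysql.user WHERE user = ? LIMIT 1` with a plain `(bool)` cast would also match them.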


@ -27,7 +27,7 @@ class PermissionControlledPostgreSQLSchemaManager extends PostgreSQLSchemaManage
$this->connection()->statement("GRANT USAGE, CREATE ON SCHEMA \"{$schema}\" TO \"{$username}\""); $this->connection()->statement("GRANT USAGE, CREATE ON SCHEMA \"{$schema}\" TO \"{$username}\"");
$this->connection()->statement("GRANT USAGE ON ALL SEQUENCES IN SCHEMA \"{$schema}\" TO \"{$username}\""); $this->connection()->statement("GRANT USAGE ON ALL SEQUENCES IN SCHEMA \"{$schema}\" TO \"{$username}\"");
$tables = $this->connection()->select("SELECT table_name FROM information_schema.tables WHERE table_schema = '{$schema}' AND table_type = 'BASE TABLE'"); $tables = $this->connection()->select("SELECT table_name FROM information_schema.tables WHERE table_schema = ? AND table_type = 'BASE TABLE'", [$schema]);
// Grant permissions to any existing tables. This is used with RLS // Grant permissions to any existing tables. This is used with RLS
foreach ($tables as $table) { foreach ($tables as $table) {
@ -37,9 +37,9 @@ class PermissionControlledPostgreSQLSchemaManager extends PostgreSQLSchemaManage
$primaryKey = $this->connection()->selectOne(<<<SQL $primaryKey = $this->connection()->selectOne(<<<SQL
SELECT column_name SELECT column_name
FROM information_schema.key_column_usage FROM information_schema.key_column_usage
WHERE table_name = '{$tableName}' WHERE table_name = ?
AND constraint_name LIKE '%_pkey' AND constraint_name LIKE '%_pkey'
SQL)->column_name; SQL, [$tableName])->column_name;
// Grant all permissions for all existing tables // Grant all permissions for all existing tables
$this->connection()->statement("GRANT ALL ON \"{$schema}\".\"{$tableName}\" TO \"{$username}\""); $this->connection()->statement("GRANT ALL ON \"{$schema}\".\"{$tableName}\" TO \"{$username}\"");
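Review bot: The GRANT statements in both hunks of this section still interpolate `$schema`, `$username` and `$tableName` inside double-quoted identifiers, so a value containing `"` would end the identifier early; the commit binds only the SELECT filters. Identifiers cannot be sent as bound parameters, so they need escaping or validation before interpolation, for example `$quotedSchema = '"' . str_replace('"', '""', $schema) . '"';`, with the same treatment for the other two names. Whether these values can be influenced from outside is not visible here, so treat this as defence in depth. Separately, the primary-key lookup filters on `table_name = ?` alone; adding `AND table_schema = ?` with `[$tableName, $schema]` would stop it matching a same-named table in another schema. The enclosing method starts and ends outside the hunks.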


@ -20,6 +20,6 @@ class PostgreSQLDatabaseManager extends TenantDatabaseManager
public function databaseExists(string $name): bool public function databaseExists(string $name): bool
{ {
return (bool) $this->connection()->select("SELECT datname FROM pg_database WHERE datname = '$name'"); return (bool) $this->connection()->select("SELECT datname FROM pg_database WHERE datname = ?", [$name]);
} }
} }


@ -20,7 +20,7 @@ class PostgreSQLSchemaManager extends TenantDatabaseManager
public function databaseExists(string $name): bool public function databaseExists(string $name): bool
{ {
return (bool) $this->connection()->select("SELECT schema_name FROM information_schema.schemata WHERE schema_name = '$name'"); return (bool) $this->connection()->select("SELECT schema_name FROM information_schema.schemata WHERE schema_name = ?", [$name]);
} }
public function makeConnectionConfig(array $baseConfig, string $databaseName): array public function makeConnectionConfig(array $baseConfig, string $databaseName): array